Re: Wireless 802.1x RADIUS server dead action

tom.barat@dimensiondata.com · ‎06-18-2019

Hello,

In wired dot1X there is a mechanism to place a device in a specific vlan in case the radius server is unreachable and cannot assign vlan dynamically.

Is there a similar mechanism for wireless ?

Thank you,

Have a nice day

Sathiyanarayanan Ravindran · ‎06-18-2019

Hi tom.barat@dimensiondata.com ,

No, as far as I know. Client state will remains same in the 802.1x required unless the authentication gets complete. However you can have redundant servers, so that if primary fails it will automatically forward the traffic to redundant server.

Regards,
Sathiyanarayanan Ravindran

Please rate the post and accept as solution, if my response satisfied your question:)

tom.barat@dimensiondata.com · ‎06-19-2019

Hello,

Thank you for the answer.

In this context, we do use 2 ISE appliances in two separate datacenters for redundancy, so the chances of losing both ISE at the same time are rather low.

Regardless, the client asked and i know the mechanism exists for wired so i was wondering.

I guess if there was such a mechanism for wireless 802.1x, anyone who would connect to the SSID would automatically be granted access through the server dead mechanism, which is not what we want security-wise.

Sathiyanarayanan Ravindran · ‎06-19-2019

Hi tom.barat@dimensiondata.com ,

Please check this Community Thread

HTH

Regards,
Sathiyanarayanan Ravindran

Please rate the post and accept as solution, if my response satisfied your question:)